hxxps://www[.]mediafire[.]com/file/x7pwmnmfvg7avdy/New_folder[.]rar/file

Resubmissions

10/02/2024, 08:23

240210-j98fssbg53 1

10/02/2024, 08:06

240210-jze2hahe6t 10

Analysis

max time kernel
156s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/02/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/x7pwmnmfvg7avdy/New_folder.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133520270221827390"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
5792	chrome.exe
5792	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5644	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 376	2572	chrome.exe	84
PID 2572 wrote to memory of 376	2572	chrome.exe	84
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 4044	2572	chrome.exe	86
PID 2572 wrote to memory of 1256	2572	chrome.exe	87
PID 2572 wrote to memory of 1256	2572	chrome.exe	87
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88
PID 2572 wrote to memory of 2416	2572	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/x7pwmnmfvg7avdy/New_folder.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6ae9758,0x7ff9c6ae9768,0x7ff9c6ae9778
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5192 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4984 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5192 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5496 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5148 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5088 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5084 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6568 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6768 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6896 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7604 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3604 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6996 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7760 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\New folder.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7164 --field-trial-handle=1896,i,2633363895689507764,5371438110185737317,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8ae25b226e0662d256cdb32f2777f840

SHA1
39594f82a6dd98b6e4a341648cd56e9efc6aa16e

SHA256
935b4cba7114f9adb0c7ae6acbc8903ec672ae318ac63c5d5e5edf857b4db207

SHA512
e529649b71c7a7fccaabc2833af3cbfc9bb15b66cc5735fc95a2bd741c502bd11af05853946d045a49d823e3f6899523d050fe7d33c485af5abccc8e2ca02e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03f4019fa7d2e07ed55dc25c6c5c08ed

SHA1
4da027152461ce2863ab505e1a253a519ac0c4eb

SHA256
9fa72605cb08d73c91495a27ee10531d7da79b70f38fb4fbe571919ab386d4a3

SHA512
ad65e8f8c021638aa0f0e739a8e013d37f674e5654b285a8e3d7c50487acfc0a11163559ebabfd91cb8f1d23a31ef0881d746198dfaec3195dc5ee0510dd2a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
b4ecf2fcbfcb5da49fc1d2929504d825

SHA1
af9cceaa18510902a233ba33f00f5437730be110

SHA256
82f24a29dd85357a9b4862a0a9ed7e2d9f1119224bf0d61b7a29618c6edffd45

SHA512
029e181a7ecc60c8d692781a034758baa4536bb54c6679d35e284c2d5caaac5a931cc5b435bd0afe38025b830a291a59f1b6e3c8a00ddd51b6d9e7f49ed485ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\425b0ac4-4c0e-408b-a3e3-fa8770d45fcb.tmp

Filesize
4KB

MD5
3bf91d4462718b31cc6de8a8acf8cc05

SHA1
6eada91f7461f29a022f821042d53a44dc379c43

SHA256
3ee7254861099999f5e40604e3d37a2cd5d8cc16c22e9bbfc867dd872711f1b5

SHA512
ddbac4e185430a05fdbc2e0e7cdb28a511a190d0c94941b4420b0c93a73436d24d246c17b75a8fa04f056307183a7ba576bc46666585ccfb257867e3339e3a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
875dbb78ef03cf51a10b8fa756a39447

SHA1
343d70f2270afec9db350f4dd59046f942390350

SHA256
7fd31f61ca5c4902bcaeb9591832070d64751e4a240b0f26b9523d18a202014e

SHA512
5faff2930cf3d79de52a1e940184356e1972dda8a0fe847109d162f3a6d2a889f25167c69c604de5e46f67722fceddabb8ada2e6a93c3b3a929dbb757fb76fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
c5e12da02de23e130eef5b0d1c97ab4e

SHA1
de19e1a8d9f28def819e253ed6da8dde9fc631d9

SHA256
81d615aa18c723335d18f40ef6261664559d784bf5d1db18bde3e9728ce2802a

SHA512
5fa778168e78ddb626cd83714a1d2e31a1061e227c3542b95160c61c8e86650e70d376a043ad9707ccb8b8fdc5f88b2e87e3306008990eb8a2a2ae56bef50f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
031db90e5e487e791af0df6aaed70957

SHA1
667cf35e555614b877fcc3eff96fc85b085a569e

SHA256
300d33b6621bee3a0d2dfe82e23a11eacf1004e0373977fe0e54c8e0b1d63511

SHA512
653669217b1c7fde843467f64d2f8253af26b56ac47993ab190457d686ac9f91d23d0951b6a7baf94f116a78733496d315d5f9ee28d712aa225d689c44046fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61f10179a0cb751d8779c32b60a15039

SHA1
a21642e8f8174ebdc0c72f83f6cc12974ea6fc26

SHA256
72fee23297dd9479e685b1664032d7d96ac1aadf5103542943485fbff2018ef1

SHA512
10e52547203fa3e7a0943b1897659ea5ddb32249a9877cb9fd916b3968b8e96d62e4cfe2b776935e58447b883ec70af4c505ae9f1bc6056c7717f590d812ac71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4e0891d7ca50c6110df3b510ae35f898

SHA1
0179363ef74cf4ddbbf9be6e04f5675fff89ffae

SHA256
900e8a71bb0e658819da8005bc54dac23a107410efbbb8fc6cd299f4da7f9279

SHA512
6acce0051b16e28bfef3bfed1d7e01c5881e0aaa742c46edc95533c66b1062eda0de5f83eb286609a0b0007d4a8a8c3f0fbee17ec9c3a12c3d7df4847e1e6dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
73af1856d0f4e48031fd932bec300a20

SHA1
30a48d9a3ce5ad5966a75863c8c0a1e9c47857fe

SHA256
e959c774ab5ad9fca2ee951c35e0f370ad0e1fa94ec2ec58a1e67baddd4836d8

SHA512
d8eae69e229e280e20f20171d4f6545fc65032792c54af4f1d183fba20f877e67cbb5c2b293df795349e8e20ccbbdfd8bb68a65a4bda69c58dc70e871c1726e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e35741835eb646d260799cd84ae78e9f

SHA1
7a026cfaa31fdc0ffdbf3ff4a50c708efa1435ea

SHA256
00ded416be41c652360fa7824319c5c2cad41d8a7236bd7f703bf66625c10bf8

SHA512
5f6aa90b642d00b2c13f8546c2af698ed49361764d43ec90134979a9f6879de7a3d1cb2cf4c9888493987d1fd3614d10ec6ac282690c1cb49dea4e5ecce51d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8901d1dbbbaa26eab21e48bea4f89f84

SHA1
0a5d33925400c7bedcc3df3f0cdcdd6fcd447404

SHA256
eba70ae30aa178058b5247f4b31ad32f3a6e17ba04c32e669fcdfa0e77822fe7

SHA512
7c6ae75c6baf990251fe72f3150bc1d4c60eeb8e5e2bf63f6e96dbfd34905261fd1448b03fd6e6d17008e918afbda6fa993fa42a8f32f533dc0991263e67527e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68b095b0e37a95f3c363e26319a38155

SHA1
fce201e9063bc15deca8376da555e7433eb47efa

SHA256
b6a7c198c49d85f46270208131b8bd011256b2666595831aeb019c207ed852b8

SHA512
c64f9400e2628a7a20f68c375718d15f29d411aba8469a615a127e6cffc8497f8e246a4bfd9eaf8da20b1afb5e4dfaad640179527e14a164d56dfeb97ec113bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
169d9a2b4e1a0b79366f27e3d76af35b

SHA1
4be8c244d3b68c87c05be7ff48f92d28a9f56669

SHA256
4c0e4bf7bba7d3a1f850e38d690524be06102d8c3dd37d04e31bda846c488436

SHA512
3ee956a802434aaceae5a69307b7013e184e9b807eb85ed2931e95e21520f61b2dcf3c3d7db14099deb7d97048adc4fcdda883e249992b7c31b0728c4fe90db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a12cf36c7d6029d97bcc7e38c3367b5

SHA1
b69863f1cc2709533b0c23a5b71b29fe6050d5d7

SHA256
c59d41c1d1f59636b9e835c13f9233ecebc6c3ce80b9ae09b1d64a519e757875

SHA512
26942c6d42498416d7a683c9d9f30f746e525cfdcf257f14cd5a49bd5e593363f63fdb56c1b90d3a6a7cec0e443318ca9fd6f15eff9a495c12c741e49afd4b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
8394d2ea87e8f1e6b2611118bd54b9a6

SHA1
9faecb809f10c4df417b540306cafab7ab84902b

SHA256
48479c6197faa3b7bea1cd6bebd7fed4f702b8c2555b122e6ae3a9e8c03b8fc5

SHA512
06e430b994d2ff2bc3eb45c7bff86ef5b58900aa7db0fd2f8bea83181575c13ed674ac5c24792f547b5bd2e7bcaad751678911418b4d5e9e97d7e929ea34f5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
25dbd4e3e635752ee16a490d021b3812

SHA1
6f48f4af53b87dee2444b95a13f220525bfb4a14

SHA256
520d1e88c3725d759cd064098e82d334cedf432556e5db610952a7c72187341d

SHA512
0a67bf112ebcab976b4582d73b430d536a8187bc101aa1a3373902b025304055561d32d4ef7411e72e4cab84b2f2c998343fb7bf3ab421df985e41e3593220b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
7f522c6387eed0b62f4eb0eadc36afa4

SHA1
5ddf6b6986768504abdf550c4b90cd4d0e3516e9

SHA256
1ebdbbfd4a664ddd0e925a4b55ffa529bb257aa76922b4993daff08ce876fe1c

SHA512
4a0019987b396b64867edcb7fa621ffb47a44cda50c1750d347ebbfa61026a0a81d943fa654624bb8cc8b5cbb2c625a53bc7f3f0c3ee94accf371affebb14b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fce9.TMP

Filesize
103KB

MD5
28f7f34eacc2fb2f7654ac2dfd5300b1

SHA1
7e2e36372351c95ce1489e6145d154b6828898ab

SHA256
ca0e4d65b70f1141efb93c47c4d11490311cb2c340c20cffae3c884c29f898a0

SHA512
af7971db9696db2f6195900c634ecbc18bd412cdc0671363ddb4d2e4fce0d1884ec88b8afa8a2329276176ab16eb755753f0e204958a3d44fc18f743e17a514b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\da4fcb9c-fd7a-4cfb-94d3-f6923b1f010f.tmp

Filesize
109KB

MD5
d797779a857eddc96503494dfca326be

SHA1
358e137910ac7d5fe87e4e60ee922899fc1a62fb

SHA256
54328a8c1bb4dcd5e538b12c565d37baab71770199080e855021bf43c886cc2e

SHA512
34e8dd1ee5bd0f5c235d543e09c7382c0b073b677d054bdb30df15c645b9d51e40f958f2507fecddabe5c1ef742fc70a9ff46075a17f101d87e837edf8664437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\New folder.rar

Filesize
5.8MB

MD5
6d80624c15ed5d76f7179d0ea88e3dfd

SHA1
e957968840183204f52b09b8222dfdaf0aff560f

SHA256
d417a907c1f537b9a1eeb4f69f0219f64342b0c900071aa08f7262e501b356c1

SHA512
81ee2b101317d48dd463d178c56a5de3fd37bc166b4e5d30e6576d0fde0a87da9262ffc58fdcd07ead937426960cad68dc75fdfac3dde877d7f76ff088cd04a7

Download Submit